DEV Community 👩‍💻👨‍💻

Cover image for FREE VPN with AWS

FREE VPN with AWS

So,

You Want a Free VPN for securing you're connection, you don't want the third party to sneak up behind you and see or steal your data, you are not alone, we all want that, easy way buy a premium vpn there are tons of out there, but we they are paid, so lets have our own VPN.

Without Further Delay lets get started,

PREQUISTE

AWS ACCOUNT
LITTLE BIT OF LINUX

We are going to use the service name LightSail in here, you ask why? Well, first we can run the sever for free (3 Months) if you are well-passed you're free tier of AWS.

Lets go to LightSail Console
First thing you see why you go to LightSail

Let's create the Instance

Instance Create
We can use any OS amazon-linux-2, ubuntu we just needs to know the package name for the same, here I'm going with ubuntu:20.04LTS

Choose the Plan According to you're needs and select it
Plan

While waiting for the instance to provision for you lets go to Network tab and create a static-IP for our VPN
static-ip

Name the IP with anything, choose the Instance in which you want to attach the static-IP
static-ip

Let's connect to the instance with SSH, LightSail give us web-based ssh and terminal based, for terminal based we need the key, Download the Default key from here
ssh key
and lets start executing some linux commands.

PART II

Start the SSH connection

ssh ubuntu@<IP> -i <path-to-key>
Enter fullscreen mode Exit fullscreen mode

Install the Wireguard

sudo -i
apt update 
apt install wireguard -y
Enter fullscreen mode Exit fullscreen mode

Installation of Wireguard

After Installing it, we need to enable the port forwarding so that after connecting to instance we can still use the internet freely
run the following command to do so

vim /etc/sysctl.d/10-wireguard.conf
Enter fullscreen mode Exit fullscreen mode

and add the following line

net.ipv4.ip_forward=1
Enter fullscreen mode Exit fullscreen mode

After adding the line execute the following command to make it permanent

sysctl -p /etc/sysctl.d/10-wireguard.conf
Enter fullscreen mode Exit fullscreen mode

port forwarding enable

After enabling the Port Forwarding lets move to the Wireguard directory

cd /etc/wireguard
Enter fullscreen mode Exit fullscreen mode

NOTICE: Important We are generating key for the server make sure that you don't share any private key from here.

Execute the following commands

wg genkey | tee server.key | wg pubkey > server.pub
Enter fullscreen mode Exit fullscreen mode

Keys are generated here

wg & wg-quick is command-line tool for interacting with Wireguard.
We will be using these file in our next step.

Now Let's create the configuration file,

for our VPN here whatever you want to name the configuration file you can name it and it will create a interface with the same name
but it must contain the .conf

vim vpn.conf
Enter fullscreen mode Exit fullscreen mode

Add these line into it

[Interface]
Address = 10.1.1.1/24
ListenPort = 51820
PrivateKey = <server.key>
PostUp = iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
Enter fullscreen mode Exit fullscreen mode

Make sure you add the server.key content here the file we created earlier
Added the Configuration to vpn.conf

Let's Enable the VPN

run the following command to start it

systemctl enable --now wg-quick@vpn
Enter fullscreen mode Exit fullscreen mode

Verify it's running successfully

systemctl status wg-quick@vpn
Enter fullscreen mode Exit fullscreen mode

Started the VPN

PART III

So our VPN Server is now running but we need to give the access to user, for that we need to generate some more files using the wg but I love the GUI so after doing some digging I found this amazing dashboard thanks to the author I can do everything from Dashboard only

Install the Dashboard

Here the github link
let's clone the repo

git clone -b v3.0.6 https://github.com/donaldzou/WGDashboard.git wgdashboard
Enter fullscreen mode Exit fullscreen mode

change the directory & execute some commands

cd wgdashboard/src
chmod u+x wgd.sh
./wgd.sh install
chmod -R 755 /etc/wireguard
apt install python3-pip -y
pip3 install -r requirements.txt
./wgd.sh start
Enter fullscreen mode Exit fullscreen mode

Execution of the above commands
Server started

Make Sure the port 10086 being used by running

netstat -tnlp
Enter fullscreen mode Exit fullscreen mode

checking the port

And we are done here

Back to LightSail

Let Open these port
51820 UDP
10086 TCP

By going into the networking tab
port allowing

PART IV

We are in the ENDGAME

Open the Dashboard by going to

public-ip-of-instance:10086

In my case http://3.111.147.192:10086/
Logging Screen

Default Creds

username: admin
password: admin

After logging in
Dashboard

Go to the Setting Page
Setting Page
change the

Peer Remote Endpoint (This will be change globally, and will be apply to all peer's QR code and configuration file.)

From anything like this
ip
to You're Public IP of the Instance in my case 3.111.147.192

And then Go to the Configuration Page
Configuration Page

Click on the Blue Add Button on the Lower Right
Add the Username and Download the File by clicking on the small green button.
Added the User

Go to WireGuard Client And add the tunnel by importing the downloaded file and click
ACTIVATE

If Everything is right you will be connected to the VPN check your IP to verify it.

whatsmyIP

That's How We can have our own VPN

If any question plz feel free to ask in the comments

Top comments (0)

🌚 Browsing with dark mode makes you a better developer by a factor of exactly 40.

It's a scientific fact.